The terms risk, vulnerability and threat are often confusing and sometime interchangeable leading to a lack of understanding when presenting evidence. Risks are usually based on a probability that a threat of some kind will exploit a vulnerability or weakness in a system or network. In recent years risks have been taken more seriously with many businesses that conduct online …
Presenting Digital Evidence
Testifying and writing a report are both essential ingredients to a successful digital forensics investigation. Digital forensics personnel will potentially spend months of time working with complex data and processes. The delivery and result of this work is reflected in the forensics report and then ultimately testified in court. Cohen (2012) discussed the report as integral to the overall investigation. …
Data Hiding and Steganography
The term ‘Steganography’ refers to ‘covered writing’ and encompasses methods of transmitting secret messages through innocuous cover carriers in a manner that their existence is undetectable. Johnson & Jojodia (1998). For years hackers have been finding more innovative ways of hiding data within existing systems usually for the purpose of transporting it to a target destination. The term ‘carrier’ often …
Preparation Phase of a Digital Search
The preparation phase of digital search is the most important phase of the digital investigation process. If not carried out correctly, the can lead to improper handling of evidence that may lead to damage of crucial materials to an investigation. This phase involves the preparation of tools, techniques, search warrants, and monitoring authorizations and management support. Venansius & Tushabe (2004). …
Yet More Theft of Information Assets
It doesn’t seem that long ago that I received an official letter in the mail from the United States Office of Personnel Management (OPM) detailing that sensitive information about me had been compromised. I had been following the news and knew about the breach, so the letter didn’t come as a huge shock. It did make me think about the …
Important Cybercrime Laws
There are a number of cybercrime laws that are extremely important in the field of digital forensics and cybersecurity as a whole. Two of the most important laws include the Computer Fraud and Abuse Act (CFAA) of 1984 and the Electronic Communications Privacy Act (ECPA) of 1986. The original intent of CFAA was to address computer related crimes and more …
DNS Rebinding and Intrusion Detection with Contextual Signatures
This article summarizes and analyzes discussion from two different articles on the subjects of DNS Rebinding and the use of contextual signatures with Intrusion Detection Systems. DNS Rebinding is type of attack that was first documented in the mid 1990s. Since then it has become more prevalent through vulnerabilities inherent the way information is transmitted to and from a typical web …
Mitigating DoS or Distributed DoS (DDoS) attacks
Denial of Service (Dos) and Distributed Denial of Service (DDoS) attacks have continued to prove to be one of the most challenging threats in modern times. While DoS has been around for some time, the methods used and practices of distributed botnets and automated scripts have continued to grow in sophistication. This paper survey’s three peer reviewed papers in the …
Common Bluetooth Vulnerabilities to be Aware of
Bluetooth connectivity has grown immensely in popularity with mobile devices in the last number of years. The convenience factor of being able to have a hands-free experience with a mobile phone while driving or out and about has fueled this growth. Unfortunately, like all conveniences there are typically downsides. In the case of Bluetooth, there have been a number of …
Mobile Considerations in Network Security Architecture
The use of mobile devices including policies and employee restrictions should be considered in any modern network security architecture. Mobile devices are used commonly both at home and at work with some organizations managing BYOD (Bring your Own Device) policies. It is therefore important to consider the implications of this and to ensure any BYOD device is properly locked down, …